recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
85d14101efc1c85aca950dd8fc9be5094da00d43
cc-ci/STATUS-rcust.md
autonomic-bot 85d14101ef
All checks were successful
continuous-integration/drone/push Build is passing
Details
status(rcust): M2 sweep first pass — canaries 7/7, 15/21 at baseline, 6 flake-shaped reds re-running serially; spot-grep evidence + zero leaks
2026-06-10 20:14:05 +00:00

8.5 KiB
Raw Blame History

STATUS — sub-phase rcust (recipe-customization restructure)

Plan: /srv/cc-ci/cc-ci-plan/recipe-custom-restructure-full-plan.md (SSOT for this phase). Reference spec: docs/recipe-customization.md @ 76a4b6b. Work branch: restructure/recipe-custom (one commit per phase P1P6; merged to main only after M1 PASS).

Phase progress

  • P1 — single loader + key registry + migrate L1L6 + unit tests + doc gen (branch commit 472a68b)
  • P2 — delete legacy keys/paths: compose.ccci.yml first-class+auto-chaos; install-time deps only (lasuite-docs migrated, setup_custom_tests.sh gone); SKIP_GENERIC meta deleted (env dev-only + loud CI warning); conftest cleanup (deployed/deployed_app/app_domain gone, one deps fixture) (branch commit 8cd72fd)
  • P3 — uniform ctx hook convention: HookCtx(.domain/.base_url/.meta/.deps/.op); all hooks take ctx; legacy signatures raise MetaError at load naming the migration (branch fd02d9f)
  • P4 — custom-test ergonomics: placement rule (custom under functional/+playwright/ only), op_state fixture, deps fixture tests (branch 29a28e2)
  • P5 — customization manifest: one block at run start (non-default meta keys, hooks, overlays, custom-test counts, active CCCI_SKIP_GENERIC* env overrides with !! CI flag) printed + embedded verbatim in results.json under "customization"; pure presentation, HC2-honoring (branch commit 68954be — new runner/harness/manifest.py + tests/unit/test_manifest.py)
  • P6 — docs rewritten to the end state: recipe-customization.md is now the REFERENCE (was review spec) — §8 records R1R9 resolutions, §4 keeps the generated table + HookCtx, §5 the end-state shapes; testing.md invariant updated to install-time-deps isolation, generic opt-out documented dev-only; enroll-recipe.md worked examples (lasuite-docs install-time OIDC, mumble post-F2-14c), deps fixture, ctx signatures (branch commit da558ca)
  • Adversary inbox 19:06Z (P5 manifest dashboard hygiene) — addressed: secret-NAMED meta values (top-level + nested dict keys) render as '' in manifest + results.json; key names stay visible; unit-test pinned (branch commit 858e0f5)

P1P6 verification facts (for the eventual M1 cold-verify)

  • WHERE: branch restructure/recipe-custom, P1=472a68b, P2=8cd72fd, P3=fd02d9f, P4=29a28e2, P5=68954be, P6=da558ca, manifest-redaction fix=858e0f5 (branch head).
  • HOW: cc-ci-run -m pytest tests/unit -q and nix develop .#lint --command scripts/lint.sh from a clean checkout of the branch.
  • EXPECTED: 192 passed; lint: PASS.
  • New single loader: runner/harness/meta.py::load(); all-recipes typo gate + R2 proof in tests/unit/test_meta.py; docs §4 table generated by scripts/gen-meta-docs.py (sync pinned by unit test).

M2 baseline matrix (built BEFORE merge, per plan M2.1)

Expected outcome per recipe dir for the post-merge regression sweep = most recent known-good evidence. Levels are results.json level; evidence = run id under /var/lib/cc-ci-runs// (on cc-ci) unless noted. Bad canaries are EXPECTED to fail at their designed tier.

Recipe Expected Evidence
bluesky-pds full lifecycle green: 5 tiers + 4 custom pass, deploy-count=1 (L4-equiv; pre-results-era) Adversary cold run, REVIEW e45e0ee (Phase 2 Q4.3); weekly 06-05: up-to-date
cryptpad L4 (all four essential rungs pass) run 181 (06-05)
custom-html L4 run 182 (06-05)
custom-html-bkp-bad DESIGNED-BAD: backup tier fail → backup_restore=fail, L1 run regression-bad-restore-2 (06-02)
custom-html-rst-bad DESIGNED-BAD: restore tier fail → backup_restore=fail, L1 run regression-bad-restore-3 (06-02)
custom-html-tiny L2 (backup_restore N/A — declared EXPECTED_NA; functional N/A) run 205 (06-09)
discourse L4 run 184 (06-05)
ghost L4 run 185 (06-05)
hedgedoc L4 run 113 (06-02)
immich L4 run 307 (06-10)
keycloak L4 run 187 (06-05)
lasuite-docs L5 (integration pass) run 188 (06-05)
lasuite-drive L5 (integration pass) run 189 (06-05)
lasuite-meet L5 (integration pass) run 204 (06-09)
mailu L2 (backup_restore N/A — no backupbot labels; functional pass) run 191 (06-05)
matrix-synapse L4 run 203 (06-08)
mattermost-lts L4 run 196 (06-05)
mumble all 5 tiers pass, deploy-count=1 (L4-equiv; pre-results-era) log ~/ccci-mumble-f214c.log on cc-ci (05-31)
n8n L4 run 197 (06-05)
plausible L4 run 308 (06-10)
uptime-kuma L4 run 165 (06-02)

Customization-executed spot-greps for M2.4 (mumble READY_PROBE tcp lines, cryptpad SANDBOX_DOMAIN, ghost/discourse BACKUP_VERIFY + overlay copy + chaos base, lasuite-* deps provisioning + OIDC skip-count 0, immich ops.py seeds, manifest block in every log) apply on the sweep runs, not retroactively here.

Gate

Gate: M2 IN PROGRESS — M1 PASS in REVIEW-rcust.md (01f9f70, 2026-06-10).

  • M2.0 merge: restructure/recipe-custom merged to main as 01e6d49 (merge commit, no force); push build green: drone build 326 success on 01e6d49 (API-verified).
  • M2.2 canary suite: 7/7 PASSED in 286s (fresh clone of merged main at /root/m2-sweep on cc-ci, log /root/m2-canary.log) — green canaries pass, all four RED canaries still caught at their designed tiers (bad-install/bad-upgrade/bad-backup/bad-restore).
  • M2.3 per-recipe sweep (driver /root/m2-driver.sh, 2 concurrent, REF = mirror heads; logs /root/m2-logs/.log; results /var/lib/cc-ci-runs/m2r-/): first pass 15/21 matched baseline — hedgedoc/custom-html/custom-html-tiny/uptime-kuma/n8n/cryptpad/ghost/keycloak/mumble/mailu/ matrix-synapse/lasuite-docs/lasuite-meet at baseline level; both DESIGNED-BAD canaries failed at exactly their designed tier (bkp-bad: backup fail; rst-bad: backup pass→restore fail). 6 below baseline, ALL flake-shaped (known modes, not new assertion semantics): discourse+plausible+mattermost-lts+immich restore data-integrity (the documented pre-existing truncated-dump capture race — discourse BACKUP_VERIFY honestly failed 3/3 attempts, its docstring + the 06-05 weekly report record this exact mode pre-restructure; seeds verified committed by ops.py read-back asserts, i.e. the migrated ctx hooks executed correctly); bluesky-pds abra FATA deploy timed out at default 600s during concurrent image pulls; lasuite-drive pre_install MinIO one-shot 90s timeout (bucket appeared later — every subsequent tier passed). Serial re-runs (MAX=1, /root/m2-rerun.sh, logs /root/m2-rerun-logs/, results m2rr-/) IN PROGRESS for those 6.
  • M2.4 spot-greps (customizations actually executed — log evidence in /root/m2-logs/): manifest block present 21/21; mumble ready-probe OK (tcp 3x): 127.0.0.1:64738; ghost+discourse ccci-overlay: provided compose.ccci.yml ... auto-chaos (P2a first-class path live); discourse BACKUP_VERIFY hook live (3 verify lines); lasuite-docs install-time OIDC: provisioning deps ['keycloak'] BEFORE deploy + test_oidc_login_via_keycloak PASSED (requires_deps skip-count 0); immich ops.py pre_upgrade/pre_backup/pre_restore seed lines; cryptpad EXTRA_ENV='' in manifest + its 4 overlays + playwright green (hook applied); 19 screenshot.png across m2r-* dirs.
  • Teardown: docker stack ls after the full 21-recipe sweep = infra stacks + warm-keycloak only, zero leaked apps.
  • Drone→harness path: !testme on two open recipe PRs pending after the re-runs.

Gate history: M1 CLAIMED 2026-06-10 → PASS (branch head 858e0f5)

  • WHAT: P1P6 complete on branch restructure/recipe-custom (P1=472a68b, P2=8cd72fd, P3=fd02d9f, P4=29a28e2, P5=68954be, P6=da558ca, +858e0f5 manifest redaction). Working tree clean, all pushed.
  • HOW (cold, from a fresh clone of the branch):
    • cc-ci-run -m pytest tests/unit -q → EXPECTED: 192 passed
    • cc-ci-run -m pytest tests/concurrency -q → EXPECTED: 23 passed (untouched by this plan; Builder proof run 2026-06-10 on branch head: 23 passed in 11.46s)
    • nix develop .#lint --command scripts/lint.sh → EXPECTED: lint: PASS
    • resolved-customization diff old-vs-new for all 21 recipe dirs (Adversary's own script) → EXPECTED: 0 deltas
    • adversarial review of the full diff main..restructure/recipe-custom
  • WHERE: origin branch restructure/recipe-custom @ 858e0f5; baseline matrix above (M2 prep, committed pre-merge per plan).

Current

M2 in progress: merge done (01e6d49, build 326 green); canary suite running on cc-ci; 21-recipe sweep queued behind it. Evidence lands here as steps complete.